Examples of org.apache.shindig.auth.SecurityToken

org.apache.shindig.auth.SecurityToken
An abstract representation of a signing token. Use in conjunction with @code SecurityTokenDecoder.

        validPage.setOwner(new User(expectedOwnerId));


        expect(userService.getAuthenticatedUser()).andReturn(validPerson).anyTimes();
        replay(userService);


        SecurityToken securityToken = securityTokenService.getSecurityToken(validRegionWidget);
        validateSecurityToken(securityToken, expectedOwnerId);
    }

View Full Code Here

        replay(userService);


        String encryptedToken = securityTokenService.getEncryptedSecurityToken(validRegionWidget);
        assertNotNull(encryptedToken);


        SecurityToken securityToken = securityTokenService.decryptSecurityToken(encryptedToken);
        validateSecurityToken(securityToken);
    }

View Full Code Here

        String encryptedToken = securityTokenService.getEncryptedSecurityToken(validRegionWidget);
        assertNotNull(encryptedToken);


        encryptedToken = securityTokenService.refreshEncryptedSecurityToken(encryptedToken);


        SecurityToken securityToken = securityTokenService.decryptSecurityToken(encryptedToken);
        validateSecurityToken(securityToken);
    }

View Full Code Here

        return encryptedToken;
    }


    @Override
    public SecurityToken decryptSecurityToken(String encryptedSecurityToken) throws SecurityTokenException {
        SecurityToken securityToken;


        try {
            if (logger.isTraceEnabled()) {
                logger.trace("Decrypting security token: " + encryptedSecurityToken);
            }

View Full Code Here

    }


    @Override
    public String refreshEncryptedSecurityToken(String encryptedSecurityToken) throws SecurityTokenException {
        //Decrypt the current token
        SecurityToken securityToken = this.decryptSecurityToken(encryptedSecurityToken);


        //Make sure the person is authorized to refresh this token
        String userId = String.valueOf(userService.getAuthenticatedUser().getId());
        if (!securityToken.getViewerId().equalsIgnoreCase(userId)) {
            throw new SecurityTokenException("Illegal attempt by user " + userId +
                    " to refresh security token with a viewerId of " + securityToken.getViewerId());
        }


        //Create a new RegionWidget instance from it so we can use it to generate a new encrypted token
        RegionWidget regionWidget = new RegionWidget(securityToken.getModuleId(),
                new Widget(-1L, securityToken.getAppUrl()),
                new Region(-1L, new Page(-1L, new User(Long.valueOf(securityToken.getOwnerId())))));


        //Create and return the newly encrypted token
        return getEncryptedSecurityToken(regionWidget);
    }

View Full Code Here

    expectTokenEntry();
    expectConsumer();
    replay();
    HttpServletRequest request = formEncodedPost.sign(TOKEN,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
    SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
    assertEquals(FakeOAuthRequest.REQUESTOR, token.getViewerId());
    assertEquals(APP_ID, token.getAppId());
    assertEquals(DOMAIN, token.getDomain());
    assertEquals(CONTAINER, token.getContainer());
    assertNotNull(token);
    assertTrue(token instanceof OAuthSecurityToken);
    verify();
  }

View Full Code Here

    expectTokenEntry();
    expectConsumer();
    replay();
    HttpServletRequest request = formEncodedPost.sign(TOKEN,
        FakeOAuthRequest.OAuthParamLocation.POST_BODY, FakeOAuthRequest.BodySigning.NONE);
    SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
    assertNotNull(token);
    verify();
  }

View Full Code Here

    expectConsumer();
    expectSecurityToken();
    replay();
    HttpServletRequest request = formEncodedPost.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
    SecurityToken token = reqHandler.getSecurityTokenFromRequest(request);
    assertNotNull(token);
    assertFalse(token instanceof OAuthSecurityToken);
    verify();
  }

View Full Code Here

    replay();
    FakeHttpServletRequest request = formEncodedPost.sign(null,
        FakeOAuthRequest.OAuthParamLocation.URI_QUERY, FakeOAuthRequest.BodySigning.NONE);
    // A request without a signature is not an OAuth request
    request.setParameter(OAuth.OAUTH_SIGNATURE, "");
    SecurityToken st = reqHandler.getSecurityTokenFromRequest(request);
    assertNull(st);
  }

View Full Code Here

  protected void doGet(HttpServletRequest servletRequest, HttpServletResponse servletResponse)
      throws IOException {
    setCharacterEncodings(servletRequest, servletResponse);
    servletResponse.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);


    SecurityToken token = getSecurityToken(servletRequest);
    if (token == null) {
      sendSecurityError(servletResponse);
      return;
    }

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.shindig.auth.SecurityToken

org.apache.rave.opensocial.service.AppDataServiceTest

org.apache.rave.opensocial.service.impl.DefaultActivityStreamsService

org.apache.rave.provider.opensocial.service.impl.EncryptedBlobSecurityTokenService

org.apache.rave.provider.opensocial.service.SecurityTokenServiceTest

org.apache.shindig.gadgets.config.ShindigAuthConfigContributor

org.apache.shindig.gadgets.DefaultGadgetSpecFactoryTest

org.apache.shindig.gadgets.http.AbstractHttpCache

org.apache.shindig.gadgets.http.AbstractHttpCacheTest

org.apache.shindig.gadgets.oauth.OAuthFetcher

org.apache.shindig.gadgets.oauth.OAuthFetcherTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.